Automatically senhasegura will grant access permission only for that credential and only to the selected user and will revoke this right as soon as the validity expires, closing the session if it is still open. senhasegura will use just-in-time credentials to assure the security of this access and will allow auditing just like conventional sessions, through video of the session and the command log.
Exceptional access Sometimes, in exception or emergency scenarios, it will be necessary to grant access to a credential to a certain user for a short period of time.
In these cases, to avoid modifying the PAM Access Groups, you can use the Exceptional Access functionality. Modification of PAM access groups can create access conflicts with other users, limiting or granting improper access.
Create Exceptional Access
To set up exceptional access to a credential, follow these steps:
Go to the Credentials report and click on the Exceptional access registration action for the desired credential;
In the presented form, configure the access validity period in the fields Access restriction;
Configure the users who will benefit from access;
Click Save to finish the configuration;
Users will not be notified that they have received exceptional access.
Exceptional Access Report
To view the configured exceptional access list, go to the menu PAM Core ➔ Access Control ➔ Exceptional Access.
In this report you can see which credentials each user has access to. Through the details, you can see more information of the release operation and what actions can be performed.